(12) INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT) 



(1 9) World Intellectual Property Organization 

International Bureau 




i.nin .;rii! < :r.i]:iii:]jiii'ii!:!i;i..:]iiii:i:iii:ii!]ii'i;[:i]ni] ^ii.ir 



(43) International Publication Date (10) International Publication Number 

19 July 2001 (19.07.2001) PCT WO 01/52543 Al 



(51) International Patent Classification 7 : H04N 7/167 

(21) International Application Number: PCI7US0 1/01 173 

(22) International Filing Date: 12 January 2001 (12.01.2001) 

(25) Filing Language: English 

(26) Publication Language: English 



(30) Priority Data: 
09/483,066 



14 January 2000 ( 14.0 1 .2000) US 



(71) Applicant: DIVA SYSTEMS CORPORATION 

[US/US]; 800 Saginaw Drive, Redwood City, CA 94063 
(US). 

(72) Inventor: BERTRAM, Michael, C; 417-17 Camille Cir- 
cle, San Jose, CA 95134 (US). 

(74) Agents: SUEOKA, Greg, T. et al.; Fenwick & West LLP, 
Two Palo Alto Square, Palo Alto, CA 94306 (US). 



(81) Designated States (national): AE, AG, AL, AM, AT, AU, 
AZ, BA, BB, BG, BR, BY, BZ, CA, CH, CN, CR, CU, CZ, 
DE, DK, DM, DZ, EE, ES, FI, GB, GD, GE, GH, GM, HR, 
HU, ID, IL, IN, IS, JP, KE, KG, KP, KR, KZ, LC, LK, LR, 
LS, LT, LU, LV, MA, MD, MG, MK, MN, MW, MX, MZ, 
NO, NZ, PL, FT, RO, RU, SD, SE, SG, SI. SK, SL, TJ, TM, 
TR, TT, TZ, UA, UG, UZ, VN, YU, ZA, ZW. 

(84) Designated States (regional): ARIPO patent (GH, GM, 
KE, LS, MW, MZ, SD, SL, SZ, TZ, UG, ZW), Eurasian 
patent (AM, AZ, BY, KG. KZ. MD, RU, TJ, TM), European 
patent (AT, BE, CH, CY, DE. DK, ES, FI, FR, GB, GR, IE, 
IT, LU, MC, NL, PT, SE, TR), OAPI patent (BF, BJ, CF, 
CG, CI, CM. GA, GN, GW, ML, MR, NE, SN, TD, TG). 

Published: 

— with international search report 

— before the expiration of the time limit for amending the 
claims and to be republished in the event of receipt of 
amendments 

[Continued on next page] 



= (54) Title: CONDITIONAL ACCESS AND SECURITY FOR VIDEO ON-DEMAND SYSTEMS 



Broadcast 
Sources 

1Q2a/b/c 



400 



CO 
if) 



o 




B = Transmission of VOD 
B services 




(57) Abstract: A system that provides secure 
ttansmission and complete access control for target 
devices. Such a system includes a distribution center, 
a video-on-demand system, a transmission network 
and a plurality of target devices. The video-on-demand 
system advantageously provides for encryption of the 
transmission, transmission of access keys, and access 
control. The target devices also include circuitry for 
communicating with the video server and decrypting 
the transmission and controlling access to video 
services. A method for providing conditional access 
to video services for a plurality of subscriber stations 
comprises the steps of: authorizing the plurality 
of subscriber stations to receive the video services; 
receiving a first order for a first video service from a 
first subscriber station; and transmitting tuning data to 
the first subscriber station so that the first subscriber 
station is able to receive the first video service. The 
method may also prevent the theft of the content of 
transmissions by performing the steps of: scrambling 
the first video service using a first key to generate 
a first scrambled video service; scrambling the first 
key using decryption data to generate a first scrambled 
key; distributing the decrypdon data to decrypt the first 
scrambled key to the plurality of subscriber stations; 
transmitting the first scrambled video service to the 
plurality of subscriber stations; and transmitting the 
first scrambled key to the plurality of subscriber 
stations. 
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1 CONDITIONAL ACCESS AND SECURITY 

2 FOR VIDEO ON-DEMAND SYSTEMS 

3 

4 Inventor: Michael C. Bertram 

5 

6 BACKGROUND OF THE INVENTION 

7 1. Field of the Invention 

8 This invention relates generally to the field of video distribution networks. Ln 

9 particular, this invention relates to conditional access and security for video on-demand 

10 distribution networks. 

11 2. Description of the Background Art 

12 Conditional access for digitally transmitted services satisfies at least two important 

13 goals. First, it protects the content from theft during transmission.. Second, it provides 

14 specific controls over which target devices may access and use the content. 

15 Three major digital video conditional access approaches currently exist in the 

16 marketplace. The GI Digicypher system from General Instruments and the SA Powerkey 

17 system from Scientific-Atlanta are used for digital broadcast services, primarily in the 

18 United States. DVB Common Scrambling Algorithm based systems are used primarily in 

19 Europe. 

20 Current practice for conditional access for digital broadcast services works well 



21 because of several attributes of broadcast services. These attributes include: 1) that digital 

22 broadcast services are usually comprised of a fairly small number of data streams (on the 

23 order of tens); 2) that digital broadcast services have many potential users of each data 

24 stream; and 3) that digital broadcast services can generally be pre-scheduled (this is true of 

25 both premium services and pay per view services) allowing authorization to be generated 



26 and distributed before they are needed. 

27 However, the current practice for conditional access for digital broadcast services 

28 does not work well for video on-demand services and systems. Video on-demand services 

29 have attributes which are quite different from the attributes of digital broadcast services. 

30 Problematic attributes of video on-demand services for conditional access systems include: 

31 1) that video on-demand services use a large number of data streams (on the order of 

32 thousands); 2) that video on-demand services target data streams to individual users; and 3) 

33 that video on-demand services are not pre-scheduled. 
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1 Although the current practice for conditional access for digital broadcast services 

2 can be applied to video on-demand services, the different attributes discussed above lead to 

3 problems. For example, the current practices for conditional access typically are not 

4 designed to accommodate the generation and distribution of encryption keys and 

5 authorizations for thousands of services. Additionally, the generation and distribution time 

6 for on-demand authorizations is not fast enough to support timely decryption of video on- 

7 demand services. 

8 Therefore, there is a need for conditional access systems and methods for video on- 

9 demand services that protects the content from theft and controls access of target devices to 
10 the content. 

11 

12 SUMMARY OF THE INVENTION 

13 The present invention overcomes the shortcomings of the prior art and provides a 



14 solution to the conditional access and security issues presented above. In accordance with 

15 the present invention, a method for providing conditional access to video services for a 

16 plurality of subscriber stations comprises the steps of: authorizing the plurality of subscriber 

17 stations to receive the video services; receiving a first order for a first video service from a 

18 first subscriber station; and transmitting tuning data to the first subscriber station so that the 

19 first subscriber station is able to receive the first video service. In another aspect, the 

20 present invention is also directed to preventing theft of the content of transmissions with a 

21 method comprising the additional steps of: scrambling the first video service using a first 

22 key to generate a first scrambled video service; generating a de-scrambling message having 

23 scrambling data to allow de-scrambling of the first video service by the plurality of 

24 subscriber stations; transmitting the first scrambled video service to the plurality of 

25 subscriber stations; and transmitting the de-scrambling message to the plurality of 

26 subscriber stations. 

27 The present invention also includes a system that provides secure transmission and 

28 complete access control for target devices. Such a system includes a distribution center, a 

29 video-on-demand system, a transmission network and a plurality of target devices or 

30 subscriber stations. The video-on-demand system advantageously provides for scrambling 

31 of the transmission, transmission of de-scrambling messages, and access control. The target 

32 devices also include circuitry for communicating with the video server and de-scrambling 

33 the transmission and controlling access to video services. 
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1 

2 BRIEF DESCRIPTION OF THE DRAWINGS 

3 Figure 1 is a schematic diagram of a conventional video broadcast distribution 

4 network. 

5 Figure 2 is a flow chart of the prior art method for processing of the content at the 

6 distribution center and transmission to subscriber stations. 

7 Figure 3A is a flow chart of the prior art method for receiving and processing a 

8 transmission at an authorized subscriber station. 

9 Figure 3B is a flow chart of the prior art method for receiving and processing a 

10 transmission at an unauthorized subscriber station. 

11 Figure 4A is a schematic diagram of a video-on-demand system utilizing the present 

12 invention. 

13 Figure 4B is a block diagram of a subscriber station in the system of Figure 4 A. 

14 Figure 5 is a flow chart of a preferred embodiment of the method for processing of 

15 the content at the distribution center and transmission to subscriber stations. 

16 Figure 6 A is a flow chart of a preferred embodiment of the method for receiving and 

17 processing a transmission at a subscriber station that has requested video-on-demand 

18 services. 

19 Figure 6B is a flow chart of a preferred embodiment of the method for receiving and 

20 processing a transmission at an subscriber station that has not requested video-on-demand 

21 services. 

22 Figure 6C is a flow chart of a method for receiving and processing a transmission at 

23 a non-subscriber station attempting to pirate video-on-demand services. 

24 Figure 7 is a block diagram illustrating the transmission of data and keys with 

25 respect to time according to the prior art. 

26 Figure 8 is a block diagram illustrating the transmission of data and keys with 

27 respect to time according to the present invention. 

28 Figure 9 is a block diagram illustrating a hybrid/fiber coax network and the use of 

29 keys per channel and program according to the present invention. 
30 

31 
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1 DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS 

2 Throughout this description various terms are used to describe the invention. Unless 

3 modified by the following description, several of the terms are defined as follows: 

4 Scrambling comprises a method of protecting a data stream by transforming the value bits 

5 in the stream based on a given key. For the purposes of this disclosure, scrambling has the 

6 same meaning as encrypting. De-scrambling comprises a method of transforming data 

7 stream bits back to their original value based on the use of a key. For the purposes of this 

8 description, de-scrambling has the same meaning as decryption. A conditional access (CA) 

9 system is a system that generates keys, de-scrambling messages, and authorization messages 
10 supporting the scrambling and de-scrambling of, e.g., MPEG encoded programs. A de- 
ll scrambling message comprises a conditional access message containing de-scrambling 

12 information for a particular MPEG program. The de-scrambling information may be the de- 

13 scrambling key or the information a Set Top Box (or boxes) needs to generate or derive the 

14 de-scrambling key. An authorization message comprises a conditional access message 

15 authorizing a particular Set Top Box to use a de-scrambling key to de-scramble a particular 

16 MPEG program. 

17 Figure 1 is a schematic diagram of a conventional video broadcast network 100. 

18 The conventional video broadcast distribution network 100 typically includes one or more 

19 broadcast sources 102a, 102b, and 102c, one or more distribution centers 104, one or more 

20 secondary distribution networks 106, and a plurality of targets or subscriber stations 108a-i. 

21 The broadcast sources 102a, 102b, and 102c provided video and audio content for 

22 various channels in the broadcast network 100. For example, the broadcast sources 102a, 

23 102b, and 102c include what are referred to as premium channels such as HBO, Showtime, 

24 Cinemax, etc. The sources 102a, 102b, and 102c may also be, for example, pay-per-view 

25 (PPV) channels. The sources 102a, 102b, and 102c are typically coupled via a primary 

26 distribution network (show as connector lines) to the distribution center 104. 

27 The distribution center 104 may be, for example, a cable head-end. The distribution 

28 center 104 receives the content from the broadcast sources 102a, 102b, 102c, and associates 

29 the content with channels and transmits the content over predetermined channels in the 

30 secondary distribution network 106. The distribution center 104 is coupled via a secondary 

31 distribution network 106 to the subscriber stations 108a-i. The secondary distribution 

32 network 106 comprises for example, various amplifiers, bridges, taps, and drop cables. 
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1 Finally, the subscriber stations 108a-i may be, for example, set-top boxes and associated 

2 television equipment for viewing the video content by end users. 

3 Referring now to Figure 2, the prior art method for preventing theft of the 

4 transmission data is shown. The cable distribution networks 100 of the prior art prevents 

5 theft by scrambling the signals before transmission. Figure 2 illustrates the processing of 

6 the video and audio signals (content) done at the distribution center 104 before 

7 transmission. In the prior art, the distribution center 104 sends or distributes authorization 

8 for pre-scheduled services to the individual subscriber stations 108 in step 202. Then at 

9 some later time, the distribution center 1 04 scrambles a pre-scheduled service in step 206 

10 and at the same time generates a de-scrambling message in step 208. Next in step 210, the 

11 distribution center 104 sends the scrambled pre-scheduled service and the de-scrambling 

12 message over the network 106. 

13 Referring now to Figures 3A and 3B, the prior art method for processing the 

14 scrambled data at the subscriber stations 108a-i will be described. Figure 3 A shows the 

15 prior art method for receiving and processing a transmission at an authorized subscriber 

16 station 108a-i. In contrast, Figure 3B, shows the prior art method for receiving and 

17 processing a transmission at an unauthorized subscriber. These are the two general 

18 processing scenarios at the subscriber stations 108a-i provided with the prior art. 

19 Referring now to Figure 3 A, the processing at the subscriber station 108 begins in 

20 step 302 where the subscriber station 1 08 receives an authorization for pre-scheduled 

21 service over the secondary distribution network 206 from the distribution center 1 04. 

22 Parallel in time to, or even before or after step 302, the user inputs signals to a 

23 corresponding subscriber station 108 to tune the subscriber station 108 to the pre-scheduled 

24 service in step 306. Then in step 308, the subscriber station 108 receives the scrambled data 

25 for pre-scheduled service and a de-scrambling message. Once steps 302, 306, and 308 have 

26 been completed, the prior art process transitions to step 310. Now having received the 

27 necessary information from steps 302 and 308, the subscriber station 108 generates or 

28 derives the key using the de-scrambling message from step 308 if authorized. Next in step 

29 312, the subscriber station 108 de-scrambles the pre-scheduled service using the derived key 

30 from step 310. Having de-scrambled the signal, the subscriber station 108 can display the 

31 pre-scheduled service on a display device of the subscriber station 108. As has been noted 

32 above, the key is used to control access by the respective subscriber station 108 to the 

33 content. Thus, a unique key is needed for each program, and each subscriber station 108a-I 
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1 must receive the authorization before the key to the program can be decrypted in the prior 

2 art. 

3 Referring now to Figure 3B, the processing that occurs when an unauthorized 

4 subscriber station 108 attempts to gain access to the content is illustrated. Figure 3B is a 

5 flow chart of the prior art method for receiving and processing a transmission at an 

6 unauthorized subscriber station. For ease of understanding like reference numerals have 

7 been used for like steps. Similar to the authorized case, the user inputs signals to a 

8 corresponding subscriber station 108 to tune the subscriber station 108 to the pre-scheduled 

9 service in step 306. Also in step 308, the subscriber station 108 receives the scrambled data 

10 for pre-scheduled service and the de-scrambling message. However, step 302 at the 

11 unauthorized subscriber station 1 08 are never completed. Rather as shown by the flow chart 

12 in step 316 the subscriber station 108 does not receive the authorization for pre-scheduled 

13 services. Therefore, the unauthorized subscriber station 108 is unable to perform step 310 

14 and is unable to derive the key and de-scramble the signal for display in step 320. Thus, 

15 Figures 3 A and 3B show the importance in the prior art of having a fairly small number of 

16 data streams (on the order of tens) that have many potential users, and that digital broadcast 

17 services can generally be pre-scheduled allowing authorization to be generated and 

18 distributed before they are needed. 

19 Figure 4 is a schematic diagram of a system 400 utilizing the present invention. The 

20 present invention is directed to the addition of a video-on-demand system 402 and to 

21 providing conditional access and security in such a combined system 400. Again, for ease 

22 of understanding like reference numerals have been used for similar elements with the same 

23 functionality. The combined system 400 preferably comprises one or more broadcast 

24 sources 102a^/c, one or more video-on-demand (VOD) system 402, a distribution center 

25 104, a VOD content server 404, a session manager 406, a transport multiplexer 410, a 

26 conditional access system, a secondary distribution network 106 and a plurality of 

27 subscriber stations 408a-408i. An exemplary such video-on-demand system 400 is 

28 described in pending U.S. Patent Application Number 08/984,710, filed December 4, 1997, 

29 and entitled "System for Interactively Distributing Information Services," the disclosure of 

30 which is incorporated herein by reference. The following description will focus on 

31 differences from such a system. 

32 As noted above, the combined system 400 differs from the prior art of Figure 1 by 

33 providing video-on-demand data streams. To provide such functionality, the system 400 
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1 has a plurality of VOD systems 402 to provide the content as requested by the subscriber 

2 stations 108a-108i in addition to the broadcast sources 102 used in traditional cable 

3 networks to provided video and audio content for various channels. The VOD system 402 

4 for example may include various movies that may be requested by the user. The available 

5 number of movies to the subscriber stations 108a-108i can be in the thousands. Both the 

6 broadcast sources 1 02 and the VOD system 402 are coupled to provide their content to the 

7 distribution center 1 04, preferably via a primary distribution network. 

8 The VOD system 402 preferably comprises a content server 404, a session manager 

9 406, a transport stream multiplexer/scrambler 410 and a conditional access system 412. The 

10 content server 404 stores the video content such thousands of movies, and in response to 

11 signals from the session manager 406 provides the video content to the transport stream 

12 multiplexer/scrambler 410. The session manager 406 controls the content server 404, the 

13 transport stream multiplexer/scrambler 410 and the conditional access system 412 in 

14 response to user requests. The session manager is coupled to each of these devices for 

15 sending control signals. The session manager 406 is also coupled to each subscriber station 

16 408 by a out of band communication channel 420 to receive input from the subscribers. 

17 Although only one such path is shown in Figure 4A, it should be understood there is such a 

18 coupling for each subscriber station 408a-i. In response to signals from the session manager 

19 406, the conditional access system 412 sends control signals, encryption keys and 

20 authorization messages to the transport stream multiplexer/scrambler 410. As will be 

21 known to those skilled in the art, multiple commercial vendors offer conditional access 

22 systems compatible with conditional access messaging defined by the MPEG-2 standard 

23 that could be used for conditional access system 412. The transport stream 

24 multiplexer/scrambler 410 send the content and control signal in both scrambled and not 

25 scrambled format to the distribution center 104. The session manager 406 also instructs the 

26 transport stream multiplexer/scrambler 410 which channels and program ID to use when 

27 transmitting the content. 

28 The distribution center 104 is similar to that described above with reference to 

29 Figure 1 . The distribution center 104 transmits the typical broadcast content, but also 

30 transmits the content, access and communication necessary for VOD services. For example, 

31 the VOD system 402 may provide the functionality as described in U.S. Patent Application 

32 Serial No. 08/984,710, filed December 4, 1997, entitled "System for Interactively 
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1 Distributing Information Service" which is incorporated herein by reference. The 

2 distribution center 104 is coupled to the secondary distribution network 106. Those skilled 

3 in the art will recognize that distribution center 1 04 of the present invention differs from the 

4 prior art in the following respects. First, the streams transmitted include both the typical 

5 broadcast content (A) but also video-on-demand services (B) as shown in the Figure 4. 

6 Second, the coupling of the distribution center 104 to the secondary distribution network 

7 106 provides a return channel (shown by dotted line 420) for sending signals from the 

8 subscriber stations 408a-i to the VOD system 402, in particular, the session manager 406. 

9 Third, the VOD services are provided on channel resources that are re-used and reallocated 

10 to different subscribers, and the subscriber station requires tuning information to access the 

11 VOD services. Finally, that there is processing by the VOD system 402, and 

12 communication between the VOD system 402 and the subscriber stations 408, as will be 

13 described above with reference to Figures 5-6C, to enforce transmission security and access. 

14 The distribution center 104 and the VOD system 402 are coupled via a secondary 

15 distribution network 106 to the subscriber stations 408a-408i. The secondary distribution 

16 network 106 comprises for example, various amplifiers, bridges, taps, and drop cables. The 

17 subscriber stations 408a-408i are, by way of example, set-top boxes and associated 

18 television equipment for viewing the video content by end users. In the present invention, 

19 the subscriber stations 408a-408i or set-top boxes differ from the prior art in that they 

20 included added functionality in the form of programs downloaded or stored in ROM that 

21 provide the functionality described below with reference to Figures 6A-6C. More 

22 specifically, the programs provide method for ensuring that access to the VOD services are 

23 authorized and that does not suffer from the above-identified shortcomings of the prior art. 

24 Referring now to Figure 4B, one exemplary embodiment for a subscriber stations 408 is 

25 shown. Each subscriber station 408 preferably comprises a tuner/de-multiplexer 450, a 

26 controller 452, a de-scrambler 454, a key generator 456, a video decoder 457, and a display 

27 device 458. Basically, the tuner/de-multiplexer 450 tunes to a particular frequency and 

28 program ID in response to signals from the controller 452. The tuner/de-multiplexer 450 

29 monitors the channels and extracts the signals for the identified channel. The tuner/de- 

30 multiplexer 450 also extracts control information from the channel and provides it to the 

31 controller 452 and the key generator 456. General control signals, tuning information, and 

32 other communication with the session manager 406 are provided to the controller 452. . 

33 The tuner/de-multiplexer 450 also extracts and provides entitlement management messages 
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1 and entitlement control messages to the key generator 456. For example, the key generator 

2 456 may be a smart card coupled to the subscriber station 408 or may be ROM included in 

3 the subscriber station 408. Using the EMMs and the ECMs, the controller 452 enables the 

4 key generator 456 to derive a key that is sent to the de-scrambler 454 to de-scramble or 

5 decrypt the video content. Once de-scrambled, the video streams are presented to the video 

6 decoder 457 that converts the MPEG streams to an video analog signals. The analog signals 

7 are then presented to a display device 458. 

8 It should be noted that while the methods of the present invention will now be 

9 discussed in the context of a video distribution system for cable networks, the present 

10 invention is applicable to any variety of video distribution system whether is uses cable or 

11 some other media for distribution such as but not limited to a satellite system, a digital 

12 subscriber line system, and a microwave system. 

13 Referring now to Figure 5, a preferred embodiment of the method for processing of 

14 the content at the distribution center 1 04 and transmission of the content to subscriber 

15 stations 408 according to the present invention is shown. The method begins in step 501 by 

16 configuring the conditional access system 412 to scramble all the VOD programs as 

17 scrambled broadcast services. In other words, the VOD services are provisioned to be 

18 scrambled all the time. This is preferably done prior to the authorization of any subscribers 

19 to the VOD services. The programs are also scrambled independent of any particular 

20 content carried on the VOD streams. This is particularly advantageous because it addresses 

21 the problem that the VOD services are not pre-scheduled. Next in step 502 at least one 

22 subscriber station 408 is authorized for all VOD services. More preferably, the present 

23 invention authorizes all subscriber stations 408 connected to the network for all VOD 

24 services. This authorization is preferably accomplished by having the server 404 send the 

25 authorization to the all subscriber stations 408. An authorization message is a message 

26 authorizing a particular subscriber station to use a de-scrambling key to de-scramble a 

27 program. More specifically, authorization of the subscriber stations 408 is performed by 

28 sending an entitlement management message (EMM) from the distribution center 1 04 to 

29 each of the subscriber stations 408. This step 502 is preferably performed at initialization of 

30 the communication between a particular subscriber station 408 and the system 400. 

31 At some later point in time after step 502 has been performed, the method proceeds 

32 in parallel to steps 512, 506, 508. Since the system 400 provides the streams of video data 

33 in response to a request from respective subscriber station 408. The duration between step 
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1 502 and the other steps 512, 506, 508 can vary, significantly for each subscriber station 408 

2 and may be any length of time. In step 512, using the return channel unique to the VOD 

3 system 400, the VOD system 402 and distribution center 104 receives a request or order for 

4 VOD services from a particular subscriber station 408. Next in step 5 14, responsive to the 

5 request, the VOD system 402 and distribution center 1 04 sends tuning data to the individual 

6 subscriber 408. This preferably accomplished by sending the frequency and MPEG 

7 program number by reference or value using the VOD downstream communication control 

8 path. The actual information for tuning to the channel may be provided or this virtually 

9 may be done by providing a index to a table at the subscriber station 408 that is used to look 

10 up the value in a table. This feature of the present invention is particularly advantageous 

11 because it solves the problem presented VOD services of targeting data streams to 

12 individual users. In broadcast systems, the tuning information is know by the user, can be 

13 used to tune to the program and cannot be used to control access. However, in the present 

14 invention, since different program streams are targeted to different users, the transmission 

15 and use of the tuning information as described above permits the targeting of particular 

16 programs streams to particular users as was not possible in the prior art. In step 506, the 

17 VOD system 402 and distribution center 104 scrambles or encrypts the streams of the VOD 

18 service; and in step 508, the VOD system 402 and distribution center 104 generate a de- 

19 scrambling message for producing the key for decoding the streams of the VOD service. 

20 The de-scrambling message preferably includes data that can be used by the subscriber 

21 station 408 to derive or generate the key. The de-scrambling message preferably takes the 

22 form of an entitlement control message (ECM) in the MPEG protocol. The present 

23 invention preferably uses the same key or key set for a number of programs. Then in step 

24 510, the distribution center 104 transmits the scrambled VOD service and the de-scrambling 

25 message over the secondary distribution network 106. This completes the processes of the 

26 present invention at the distribution center 104. As has been described above, the security 

27 of the content being distributed is maintained by the present invention using scrambling or 

28 encryption. Any one of the various and conventional encryption methods could be used. It 

29 should be noted the present invention is particularly advantageous because the system 400 

30 uses the same keys for all subscriber stations 408. Thus, even with thousands of 

31 subscribers, the distribution of the keys is not problematic. In other words, the keys are 

32 used to protect against theft of the transmission signal but are not use to control or prevent 

33 access by a subscriber station 408. While the present invention uses multiple keys for 
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1 groups of subscribers, the present invention avoids the problem of the prior art of requiring 

2 a key for each subscriber station 408 connected to the network 106. 

3 Referring now to Figures 6A-6C, the various processes that may occur at the 

4 subscriber stations 408 will be described. With the method of the present invention, there 

5 are three possible scenarios: an authorized user ordering VOD service, a subscriber not 

6 ordering VOD service, an attempt to pirate or steal VOD service. 

7 Referring particularly to Figure 6A, the preferred method for receiving and 

8 processing a transmission at a subscriber station 408 that has requested video-on-demand 

9 services will be described. The process begins in step 608 with the user inputting an order 

10 " for VOD services, and the respective subscriber station 408 receiving input and generating 

11 an order for VOD services that is sent over the back channel to the video VOD system 402. 

12 Then in step 610, the subscriber station 408 receives tuning data indicating both which 

13 channel of a plurality of pre-defined VOD channels the content will be transmitted on and 

14 which PIDs (program identification numbers) the content will be marked with. The PIDs 

15 are selected by the session manager 406 and sent by value or by reference to the server 404 

16 and the subscriber station 408. The sever 404 preferably provides the requested program on 

17 an available channel and the PIDs are included in the header of all packets sent on a stream 

18 and associated with the program. Then in step 612, the subscriber station 408 tunes to the 

19 channel specified by the tuning data from step 610. Next in step 606, the subscriber station 

20 408 receives the scrambled or encrypted VOD service and the de-scrambling message in 

21 step 606 responsive the execution of step 510 by the distribution center 104. After step 606, 

22 the method continues in step 614. However, prior to step 614, the subscriber station 408 

23 performed step 602 to receive authorization for all VOD service. The subscriber station 408 

24 performs step 602 responsive to step 502, and need perform step 602 only once upon 

25 initialization, and long before step 614. Such information would be stored at and by the 

26 subscriber station 408. Then in step 614, the subscriber station 408 uses the de-scrambling 

27 message, namely the decryption data, to derive or generate the key for de-scrambling the 

28 content. Next in step 616, the key is used to de-scramble the VOD service. Finally, in step 

29 618, the subscriber station 408 decodes the signal and displays it the VOD on an associated 

30 display device. It should be noted that access to the VOD service is controlled in two ways. 

31 First, requiring the key for decryption protects all content of the VOD service. Second, the 

32 access to the VOD service for a particular subscriber station 408 is controlled by the VOD 
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1 system 402 that controls whether the subscriber station 408 knows which channel is being 

2 used to provide the VOD service, thus, to which the subscriber station 408 must tune. 

3 Those skilled in the art will recognize that additional keys may be used to provide 

4 additional levels of security. For example, at a later time a second key may be substituted 

5 for the first key, where the first key and the second key are both members of a first set of 

6 keys, and where the decryption data is usable to decrypt each member of the first set of 

7 keys. These and other modifications to the general methods described above with reference 

8 to Figures 5 and 6A are contemplated by the present invention. 

9 Referring now to Figure 6B, the case where a subscriber station 408 has not 

10 requested video-on-demand services will be described. Figure 6B illustrates the processing 

11 that occurs at the subscriber station 408 when no service has been requested. As shown, the 

12 subscriber station 408 performs step 602 as do all subscriber stations 408 to become 

13 authorized for VOD services. However, since no service has been ordered, the subscriber 

14 station 408 will not send a request for VOD service to the VOD system 402 in step 620, and 

15 therefore, will also never receive the necessary tuning data in step 622. Thus, any attempts 

16 in step 624 to get the VOD service without notifying the video VOD system 402 and thus 

17 not be charged is not possible. Figure 6B, most clearly shows that it is the failure to provide 

18 tuning data in the present invention that prevents a authorized subscriber station 408 that 

19 has not ordered the VOD services from decoding the VOD services signal. 

20 Referring now to Figure 6C, the processing that occurs at the subscriber station 408 

21 when a non-subscriber attempts to pirate video-on-demand services will be described. The 

22 non-subscriber by definition will not receive the authorization in step 628. Since the 

23 subscriber station 408 is a non-subscriber there will have been no initialization and not 

24 received the authorization in step 628. Nonetheless, the non-subscribing station 408 may 

25 through illegitimate means determine the tuning data in step 626. Then in step 612, the 

26 non-subscribing station 408 could tune to the channel having the VOD services. Next in 

27 step 606, the non-subscribing station 408 receives the scrambled VOD services and the de- 

28 scrambling message. In step 632, the non-subscribing station 408 will attempt to derive or 

29 generate the key, however, it does not have the authorization and data necessary to derive 

30 the key, and therefore will be unable to de-scramble the VOD services. Thus, the lack of 

31 the authorization and thus the key provides the protection against theft of the VOD services. 

32 The differences between the claimed invention and the prior art are further 

33 highlighted by Figures 7 & 8. Each Figure shows the distribution of keys for controlling 
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1 access to the video content provided by the distribution center 104. Figure 7 is a block 

2 diagram illustrating the transmission of data and keys with respect to the transport stream 

3 such as MPEG according to the prior art. As shown in Figure 7, for each program, the prior 

4 art sends a different key associated with the program, and thus, controls access to the 

5 program. In other words, each subscriber station 408 is enabled to access the program 

6 depending on whether the subscriber station 408 has received the key corresponding to the 

7 program. In the prior art this is not problematic because there are relatively few programs. 

8 In contrast in VOD services, there may be thousands of programs, and if each required a 

9 separate key, the distribution of the keys themselves would cause failures making the 

10 programs not accessible to the subscriber stations 408. In contrast and as shown in Figure 

11 8, the methods of the present invention do not use the keys to control access to the 

12 programs, and do not require a separate key set for each program. As can be seen in Figure 

13 8, a single key or key set is distributed to all subscriber stations. This key or key set is then 

14 used for all programs. This greatly reduces the control traffic over the network 106, and is 

15 particularly advantageous for VOD services where the thousands of programs requiring a 

16 separate key for each subscriber station are not possible. 

17 Referring now to Figure 9, the advantage of the present invention in using one or a 

18 smaller set of key is shown. Figure 9 is diagram for a hybrid fiber/coax network 900 

19 including a headend 902, plurality of nodes 904 providing a plurality of channel 906 each 

20 having a plurality of programs 908. Figure 9 illustrates the use of the same key for each 

21 channel. In such a case, the number of keys to be distributed is reduced by a factor of n. 

22 Where n is the number of programs 908 per channel or frequency. In the preferred 

23 embodiment for the system described above this an 8:1 reduction in the number of keys 

24 needed. Similarly, this concept can be extended to used one key for groups of channel, or 

25 even one key for each node. Thus, the present invention ensures that the distribution of 

26 keys is not a obstacle to providing the conditional access desired. 

27 Thus, in summary, the present invention uses the mechanisms of (1) scrambling, (2) 

28 authorization messages and (3) tuning to control access. The subscriber station 408 requires 

29 all three to be able to receive and de-scramble signals transmitted over the network 106 to 

30 the subscriber station 408. The present invention, however, minimizes traffic over the 

31 network 106 by using the same encryption/decryption keys for the channels; and sending 

32 authorization messages upon initialization. Therefore, even though there are thousands of 
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programs each being sent to individual subscriber, conditional access is maintained with 
nominal impact on network bandwidth. 

It is to be understood that the specific mechanisms and techniques that have been 
described are merely illustrative of one application of the principles of the invention. For 
example, while the present invention is described in application to a video on-demand 
system, it also has some application in other point cast on-demand services such as data. 
Numerous additional modifications may be made to the methods and apparatus described 
without departing from the true spirit of the invention. 
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WHAT IS CLAIMED IS: 



1 LA method for providing conditional access to video-on-demand services for a 

2 plurality of subscriber stations, the method comprising: 

3 sending an authorization message to the plurality of subscriber stations to authorize 

4 the plurality of subscriber stations to receive the video-on-demand services; 

5 receiving a first order for a first video service from a first subscriber station; and 

6 transmitting tuning data to the first subscriber station so that the first subscriber 

7 station is able to receive the first video service. 

1 2. The method of claim 1, further comprising the steps of: 

2 scrambling the first video service using a first key to generate a first scrambled 

3 video service; 

4 scrambling the first key to generate a first scrambled key; 

5 transmitting the first scrambled video service to the plurality of subscriber stations; 

6 transmitting the first scrambled key to the plurality of subscriber stations. 

1 3. The method of claim 2, wherein the authorization message further comprises 

2 data to derive the first scrambled key to the plurality of subscriber stations. 

1 4. The method of claim 3 wherein the control message is an entitlement control 

2 message. 

1 5. The method of claim 3 wherein the de-scrambling message is an entitlement 

2 control messages. 

1 6. The method of claim 1, wherein the step of transmitting tuning data includes 

2 transmitting a service frequency and a MPEG program number by value or reference. 

1 7. The method of claim 1, wherein the video services comprise video on- 

2 demand services. 

1 8. The method of claim 1, wherein.the video services are distributed by way of 

2 a video distribution system from the group of video distribution systems including a cable 
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3 distribution network, a satellite system, a digital subscriber line system, and a microwave 

4 system. 

1 9. The method of claim 2, wherein at a later time a second key is substituted for 

2 the first key, where the first key and the second key are both members of a first set of keys, 

3 and where the decryption data is usable to decrypt each member of the first set of keys. 

1 10. A method for providing conditional access to video-on-demand services to a 

2 subscriber station in a video-onrdemand (VOD) system, the method comprising the step of: 

3 receiving an authorization message at the subscriber station from the VOD system; 

4 sending a signal to request a video service from the subscriber station to the VOD 

5 system; and 

6 receiving tuning data at the subscriber station; 

7 using the tuning data to tune to the video service; and 

8 receiving the video service and displaying it on display device. 

1 11. The method of claim 10, wherein the step of receiving the video service 

2 further comprises the steps of: 

3 receiving and de-scrambling a encryption/decryption key; 

4 de-scrambling the video service using the encryption/decryption key; and 

5 providing an unscrambled video service. 

1 12. The method of claim 11, where in the step of receiving an authorization 

2 message further comprises the steps of: 

3 receiving a control message for the subscriber station that includes an instruction to 

4 de-scramble the encryption/decryption key; and 

5 receiving a de-scrambling message that includes data to derive the 

6 encryption/decryption key. 

1 13. The method of claim 12 wherein the control message is an entitlement 

2 control messages. 

1 14. The method of claim 12 wherein the de-scrambling message is an entitlement 

2 control messages. 
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1 15. The method of claim 1 , wherein the step of receiving tuning data includes 

2 receiving a service frequency and a MPEG program number by value or reference. 

1 16. The method of claim 15, wherein the step of using the tuning data to tune to 

2 the video service comprises the step of setting a de-multiplexer to receive on the service 

3 frequency and extract packets matching the MPEG program number. 

1 17. The method of claim 11, wherein at a later time a second key is substituted 

2 for the first key, where the first key and the second key are both members of a first set of 

3 keys, and where the decryption data is usable to decrypt each member of the first set of 

4 keys. 

1 18. A method for conditionally accessing video services, the method comprising: 

2 transmitting an order for a first video service; 

3 receiving tuning data; 

4 using the tuning data to tune to the first video service; 

5 receiving an scrambled version of the first video service; and 

6 receiving an scrambled version of a first key for decrypting the scrambled version of 

7 the first video service. 

1 19. The method of claim 1 8, the method further comprising: 

2 receiving decryption data for decrypting the scrambled version of the first key; 

3 decrypting the scrambled version of the. first key using the decryption data to 

4 generate the first key; and 

5 decrypting the scrambled version of the first video service using the first key to 

6 generate the first video service. 

1 20. The method of claim 18, wherein the video services comprise video on- 

2 demand services. 

1 21 . The method of claim 18, wherein the video services are distributed by way of 

2 a cable distribution network. 
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1 22. The method of claim 2 1 , wherein the method is performed at a subscriber 

2 station coupled to the cable distribution network. 

1 23. The method of claim 1 8, further comprising receiving authorization for the 

2 video services. 

1 24. The method of claim 1 9, wherein the decryption data is received by way of 

2 an entitlement control message. 

1 25. The method of claim 19, wherein at a later time a second key is substituted 

2 for the first key, where the first key and the second key are both members of a first set of 

3 keys; and where the decryption data is usable to decrypt each member of the first set of 

4 keys. 

1 26. A video-on-demand system providing conditional access to video services, 

2 the system comprising: 

3 a video-on-demand system for providing video content, tuning information and 

4 access control messages; 

5 a distribution network coupled to the video-on-demand system for transmitting 

6 video content, tuning information and access control messages, the 

7 distribution network coupled to the video-on-demand system; and 

8 a plurality of subscriber stations being coupled to the distribution network to receive 

9 video content, tuning information and access control messages, the subscriber station tuning 

10 to a frequency and de-scrambling video content in responsive to access control messages 

11 from the video-on-demand system. 

1 27. The system of claim 26, wherein the video-on-demand system further 

2 comprises: 

3 a content server for storing and providing video content; 

4 a multiplexer/scrambler for multiplexing a plurality of signal and generating video 

5 streams, the multiplexer/scrambler coupled to the content server and 

6 responsive to control signals; and 
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7 a session manager for controlling the video content provided by the content server 

8 and its transmission, the session manage coupled to the video content server 

9 and the multiplexer/scrambler. 

1 28. The system of claim 26, further comprising a conditional access system 

2 coupled to the session manager and the multiplexer/scrambler, the conditional access 

3 system providing control signals, encryption keys and authorization messages to the 

4 multiplexer/scrambler in response to signals from the session manager. 

1 29. The system of claim 28, wherein the conditional access system uses ECM to 

2 send control signals to the subscriber stations. 

1 30. The system of claim 28, wherein the conditional access system uses the same 

2 ECM having the same key for the plurality of subscriber stations. 

1 31 . The system of claim 28, wherein the conditional access system provides an 

2 authorization message to each subscriber stations upon initialization to enable access to and 

3 de-scrambling of the video service. 

1 32. The system of claim 27, wherein the session manager controls the frequency 

2 and program ID for the video content provided the distribution network. 

1 33. The system of claim 26, wherein the subscriber station further comprises: 

2 a de-multiplexer coupled to the distribution network to receive the video content; 

3 a key generator for producing a key and coupled to the de-multiplexer to receive an 

4 ECM; 

5 a de-scrambler coupled to the key generator and the de-multiplexer, the de- 

6 scrambler decrypting a signal from the de-multiplexer to generate the video 

7 content; and 

8 a controller coupled to VOD system to receive control signals, the controller coupled 

9 to the key generator to provide an EMM and the de-multiplexer to provide 
10 tuning information. 
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